[Cryptography] HSM's to be required for Code Signing Certificates
Salz, Rich
rsalz at akamai.com
Mon Jan 30 08:52:40 EST 2017
> This (or the mere count of digital signature operations performed during an
> HSM session, reported in a trustworthy way) is actually missing from the
> most readily documented HSM deployment project, the DNSSEC root KSK
> signature ceremonies held by IANA on a regular basis.
The HSM's used in the SET key-signing included in every reply, an operation count, and a digest of the input parameters.
It was custom code embedded in the HSM by CertCo. I have one as a souvenir. I wish all HSM's did that.
More information about the cryptography
mailing list